The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information.
Difference between revisions of "Posix spawn kernel information leak"
Revision as of 19:10, 4 January 2014 (Ra1ningSn0w)

Vulnerability

There is a vulnerability in the posix_spawn() system call in the XNU kernel. When it is called with the flag _POSIX_SPAWN_DISABLE_ASLR, ASLR is disabled for the spawned process; on x86_64 processes this also disables heap randomization. Furthermore, the flag _POSIX_SPAWN_ALLOW_DATA_EXEC enables code execution on the heap.

Credit

i0n1c

Links

Writeup by i0n1c, p. 4 ff.: http://antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf
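The mitigation side of the issue above, as an added example that is neither the wiki's nor i0n1c's code: a small policy wrapper around posix_spawn() that audits the requested attribute flags and refuses any spawn that asks for _POSIX_SPAWN_DISABLE_ASLR or _POSIX_SPAWN_ALLOW_DATA_EXEC. The two flag values (0x0100 and 0x2000) are assumed from XNU's private spawn header and are defined locally only when the platform does not provide them, so the check compiles on Linux as well as macOS; the helper names, the EPERM return and the use of /bin/sh as the spawned child are choices made for this example.

```c
/* Added example (not from the page): refuse posix_spawn requests that weaken
 * ASLR or heap NX for the child. Flag values below are assumed from XNU's
 * private spawn header; they are defined here only if the platform lacks them. */
#include <errno.h>
#include <spawn.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef _POSIX_SPAWN_DISABLE_ASLR
#define _POSIX_SPAWN_DISABLE_ASLR 0x0100    /* assumed XNU value */
#endif
#ifndef _POSIX_SPAWN_ALLOW_DATA_EXEC
#define _POSIX_SPAWN_ALLOW_DATA_EXEC 0x2000 /* assumed XNU value */
#endif

#define UNSAFE_SPAWN_FLAGS ((short)(_POSIX_SPAWN_DISABLE_ASLR | _POSIX_SPAWN_ALLOW_DATA_EXEC))

/* Bitmask of the ASLR/NX-weakening flags present in `flags` (0 if none). */
short unsafe_spawn_flags(short flags)
{
    return (short)(flags & UNSAFE_SPAWN_FLAGS);
}

/* Fill `names` with the symbolic names of the unsafe flags set in `flags`,
 * for audit logging. Returns the number of names written (at most `max`). */
int list_unsafe_flags(short flags, const char **names, int max)
{
    int n = 0;
    if ((flags & _POSIX_SPAWN_DISABLE_ASLR) && n < max)
        names[n++] = "_POSIX_SPAWN_DISABLE_ASLR";
    if ((flags & _POSIX_SPAWN_ALLOW_DATA_EXEC) && n < max)
        names[n++] = "_POSIX_SPAWN_ALLOW_DATA_EXEC";
    return n;
}

/* Policy wrapper around posix_spawn(): logs and returns EPERM without spawning
 * when the caller requested a flag that disables ASLR or allows data execution
 * in the child; otherwise forwards the request with the given flags.
 * Returns 0 on success or an errno value on failure. */
int hardened_spawn(pid_t *pid, const char *path, short flags,
                   char *const argv[], char *const envp[])
{
    const char *names[2];
    int n = list_unsafe_flags(flags, names, 2);
    if (n > 0) {
        for (int i = 0; i < n; i++)
            fprintf(stderr, "refusing spawn of %s: flag %s requested\n", path, names[i]);
        return EPERM;
    }

    posix_spawnattr_t attr;
    int rc = posix_spawnattr_init(&attr);
    if (rc != 0)
        return rc;
    rc = posix_spawnattr_setflags(&attr, flags);
    if (rc == 0)
        rc = posix_spawn(pid, path, NULL, &attr, argv, envp);
    posix_spawnattr_destroy(&attr);
    return rc;
}

int main(void)
{
    /* Constructed child: a shell that just exits with status 3. */
    char *const argv[] = { "/bin/sh", "-c", "exit 3", NULL };
    char *const envp[] = { NULL };
    pid_t pid = 0;

    /* A request carrying the ASLR-disabling flag is rejected before any spawn. */
    int rc = hardened_spawn(&pid, "/bin/sh", _POSIX_SPAWN_DISABLE_ASLR, argv, envp);
    printf("with _POSIX_SPAWN_DISABLE_ASLR: rc=%d (%s)\n", rc,
           rc == EPERM ? "refused" : "unexpected");

    /* A plain request goes through and the child's exit status is collected. */
    rc = hardened_spawn(&pid, "/bin/sh", 0, argv, envp);
    if (rc == 0) {
        int status = 0;
        waitpid(pid, &status, 0);
        printf("plain spawn: pid %d exited with %d\n", (int)pid, WEXITSTATUS(status));
    }
    return 0;
}
```

The check is deliberately placed before posix_spawnattr_setflags() so that a refused request never reaches the kernel; on a system where these private flags are honoured, that is the only point at which a user-space policy can still intervene.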